HPE Storage Users Group https://3parug.com/ |
|
3.3.1 MU3 Upgrade - Error: ldap-ssl-cacert must be defined. https://3parug.com/viewtopic.php?f=18&t=3283 |
Page 1 of 1 |
Author: | msarro [ Tue Sep 24, 2019 9:34 am ] |
Post subject: | 3.3.1 MU3 Upgrade - Error: ldap-ssl-cacert must be defined. |
Hey everyone. I am working through writing docs to get MU3 installed across our fleet of 3par 8440s. Everything seems to be fine, except when I run the system readiness check I get the following test as failed: Quote: Error: ldap-ssl-cacert must be defined. Import a LDAP certificate via 'importcert ldap -ca <cert>'. At the moment we're using a simple ldap binding to a federated AD global catalog (port 3269). We aren't using SSL certificates, and it's working just fine. Can this failure be safely ignored, or is it a new hard requirement? My big concern is that our organization uses a massive p7b cert chain for its CA cert and a lot of devices have a very hard time leveraging it - 3par included. So a simple binding tends to work best for us. Per microsoft, global catalogs don't necessarily support SSL by default: Quote: Note that SSL is not available by default on your domain controllers. You need to deploy a PKI and issue certificate for your domain controller. https://social.technet.microsoft.com/Fo ... inserverDS So that would seem to indicate that this shouldn't be a hard requirement, correct? Edit: I've been able to add in our CA root certificate (ignored the rest of the bundle), but doing so automatically switches from simple binding to SASL/DIGEST-MD5. As soon as we do that, we can no longer authenticate. Switching back to simple on the CLI seems to keep the CA cert, but also allows us to authenticate. |
Page 1 of 1 | All times are UTC - 5 hours |
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |